SHODAN for Penetration Testers

Presented at DEF CON 18 (2010), Aug. 1, 2010, 5 p.m. (50 minutes)

SHODAN is a computer search engine. But it is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. This presentation will focus on the applications of SHODAN to penetration testers, and in particular will detail a number of case studies demonstrating passive vulnerability analysis including default passwords, descriptive banners, and complete pwnage. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities.

Presenters:

• Michael Schearer / theprez98 - Security Researcher   as Michael "theprez98" Schearer
  Michael Schearer ("theprez98") is a government contractor who spent nearly nine years in the United States Navy as a combat-experienced EA-6B Prowler Electronic Countermeasures Officer. He also spent nine months on the ground doing counter-IED work with the U.S. Army. He is a graduate of Georgetown University's National Security Studies Program and a previous presenter at DEFCON, and has spoken at ShmooCon, HOPE and internationally at CONFidence (Poland) and HackCon (Norway) as well as other numerous conferences. Michael is a licensed amateur radio operator and an active member of the Church of WiFi. He lives in Maryland with his wife and four children.

Links:

• https://defcon.org/html/defcon-18/dc-18-speakers.html#Schearer
• https://infocon.org/cons/DEF CON/DEF CON 18/DEF CON 18 video and slides/DEF CON 18 - Michael Schearer - SHODAN for Penetration Testers - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=js840O9zHTE

Similar Presentations:

• The Next HOPE (2010) / SHODAN for Penetration Testers
• ToorCon San Diego 14 (2012) / The Long Tail of the Internet (the shodan firehose talk)
• DEF CON 20 (2012) / Drinking From the Caffeine Firehose We Know as Shodan